Japan's media powerhouse, Nikkei, recently witnessed a significant data breach when unauthorised access to its internal Slack platform exposed details of over 17,000 employees and partners. The Tokyo-based organisation disclosed that the breach stemmed from compromised login credentials on an employee's malware-ridden device, which enabled hackers to delve into company data.
Following the discovery in September, Nikkei swiftly implemented security protocols, including mandatory system-wide password resets. The incident did not involve leaking any sensitive source or reporting-related information. However, the exposed data included names, email IDs, and chat logs.
Although the breach's impact was extensive, it does not fall under Japan's Personal Information Protection Law. Nonetheless, Nikkei has engaged Japan's Personal Information Protection Commission in a bid for transparency, flagging the "significance" of the breach.
Absolute Security's SVP International, Andy Ward, remarked on the breach, noting the vulnerabilities inherent in employees using unmanaged personal devices for accessing corporate resources. He cautioned that such practices grant cyber attackers an advantage, compromising company security and increasing downtime risks.
Ward stressed the necessity for firms to ensure every device accessing corporate data is secured, advocating for strict access controls, endpoint health checks, and real-time monitoring as proactive measures.
Despite the challenges posed by the overlap of personal and professional device usage in hybrid work environments, organisations are urged to maintain continuous endpoint vigilance to thwart prospective attacks.
Nikkei, originating in 1876, ranks among the most influential global media institutions, celebrated for its flagship publication, The Nikkei, with monumental circulation and digital readership figures. The organisation encompasses a multitude of 40+ affiliates in sectors like publishing and broadcasting, extending its journalistic prowess across the globe with numerous bureaus both domestically and internationally.
This breach is not an isolated incident for Nikkei; previous instances, including a ransomware attack on its Singapore subsidiary in May 2022 and an email compromise in 2019, which resulted in a $29 million loss, underline the vulnerabilities plaguing media organisations reliant on cloud-based tools.
